Hello Philipp,
I use to (reliably) run from two to four parallel instances of isakmpd on
same boxes (for years) - first using different ports, then different IPs.
It seems like they've had to (peacefully) share the SADB. Did I just not
have enough tunnels to trigger the problem? If this isn't the case, why
can't iked be as "nice" as isakmpd? Just wondering.
Thursday, August 30, 2018, 10:39:21 AM, you wrote:
PB> Hi,
PB> Am 30.08.2018 10:27 schrieb Sebastian Reitenbach:
>> Hi,
>>
>> I'm wondering if it would be possible to add iked to my box already
>> running isakmpd.
>> I found this quite old thread:
>> http://openbsd-archive.7691.n7.nabble.com/iked-isakmpd-on-the-same-machine-td246610.html
PB> Why is it "always" my old threads in this area? :-)
PB> I was not following development too closely, but I think that on the
PB> kernel side
PB> things have not changed. Which means iked and isakmpd will happily "toe
PB> tap"
PB> on each others SADB in the kernel (even if there is *some* PID
PB> handling).
PB> Would like to hear if kernel side has "improved" lately, but the overall
PB> standpoint
PB> looks like: IKEv1 is dead (e.g. see the removal of IKEv1 stubs in iked
PB> some "months ago").
PB> [Still stuck with my ikev2 with strongswan on a different box solution]
PB> HTH... wait, no:
PB> ciao
--
Best regards,
Boris mailto:psilon@prodigy.net
No comments:
Post a Comment